50 years into the era of personal computing, the idea that all computers should come preloaded with spyware had only really been seriously entertained by authoritarian regimes like North Korea. Apparently now it’s going mainstream. cato.org/blog/apples-ip…
I’m curious how far they’ve thought out the legal end of this. A government (ours or an uglier one) approaches Apple with a court order saying “here’s a list of hash values we want you to add to the scan list you’re pushing out”. Can they refuse? Or even tell anyone?
This isn’t really a “slippery slope” — it’s a single heavily greased step. You need one order with a gag attached saying “you’re required to add this list of hashes” & your carefully crafted child protection system becomes an all-purpose population-scale search tool.
And a whole bunch of the arguments Apple deployed in the San Bernardino encryption case don’t obviously apply if they’ve already built the scan architecture & a government is just adding items to a preexisting list.
I should add, because a couple folks have noted this: IF this were implemented only as Apple intends and for the purposes it states, then yes, this would be functionally identical to the sort of scanning that’s routine on platforms & cloud storage services….
…and indeed, arguably significantly more privacy protective than most. But that strikes me as an incredibly naive way to evaluate technological architectures against a backdrop of compelled assistance by states with wildly varying commitment to civil liberties.
If everything operates precisely as Apple intends, scanning client-side is at worst an accounting detail & at best enables greater privacy. If everything does not operate precisely as Apple intends, moving scans client-side is a dangerous Rubicon to cross.
One in-the-weeds detail: Apple’s current design does have the final step of the “match” process happening server-side. That is: The phone checks images for a match but doesn’t “know” it found a match, which requires a server-side secret. apple.com/child-safety/p…
This is good design! And if your baseline is the quite common “file is uploaded unencrypted & scanned server-side” (rather than zero-knowledge) you could argue it’s a privacy improvement. But I doubt it’s worth crossing the Rubicon of coopting the device into the process.

Keep Current with Julian Sanchez
